Source: Security Fix
A new and relatively low tech attack against bank customers has been reported in the wild. A fraudster posing as a bank employee phones up a bank customer and informs them of fraudulent activity on the account, then asks the customer to hold while the call is transferred to a fraud specialist. The scammer then phones the genuine bank, creating a conference call in which he acts as an eavesdropper. This gives the scammer access to various secrets revealed in the conversation between bank and customer.